HIGH🇵🇱 Wersja polska

CVE-2025-27511

CVSS 7.2v3.1pub. 2026-06-18upd. 2026-06-24

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Osgeo Geoserver

    APP
    Osgeo
    < 2.27.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2024-34711CRITICAL9.3PL ✓ten sam produkt

GeoServer: XXE umożliwiające skanowanie sieci wewnętrznych (SSRF)

CVE-2025-30220CRITICAL9.9PL ✓ten sam produkt

XXE w GeoTools/GeoServer/GeoNetwork — podatność XML External Entity

CVE-2023-25157CRITICAL9.8ten sam produkt

GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...

CVE-2025-52465HIGH7.2ten sam produkt

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26...

CVE-2024-29198HIGH7.5ten sam produkt

GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...